Tech Privacy: Third-Party Apps Not Affected By Massive Facebook Data Breach

Facebook closed out September by announcing that 50 million users had their data compromised by hackers. After several days of investigation, Facebook returned with a blog post on Monday clarifying that third-party apps were not affected by the data breach.

Facebook product VP Guy Rosen wrote in the blog post that developers of third-party apps need not worry about being affected by the hack. Specifically, apps that let users log in to their services using Facebook were protected from the attack, according to Rosen.

Many mobile apps allow Facebook logins, as it allows users to get in and utilize those apps without going through an extensive sign-up process. Rosen said third-party developers who used Facebook’s official software developer kit (SDK) should be fine. Those who did not will have access to an upcoming tool from Facebook to identify any users who were compromised.

“We’re sorry that this attack happened — and we’ll continue to update people as we find out more,” Rosen wrote.

The hack arose from Facebook’s “View As” feature, a setting on the site that lets users see how their profile would look to someone else with a different level of access. The hackers stole Facebook “access tokens” and used them to control accounts that did not belong to them. By the time Facebook announced the breach last week, the problem had been fixed and authorities had been contacted.

Facebook reset 90 million access tokens in total, which is why some Facebook users may have been prompted to log back into their accounts last week, despite never having logged out. That reset should have protected apps running Facebook’s login SDK. The company admitted it did not know whether or not any of the breached data was misused in any way.

It was the largest breach of Facebook user data in the company’s history, according to the New York Times.

Facebook has also dealt with the Cambridge Analytica scandal throughout the year, which involved the personal data of 87 million users being mined by a personality quiz on the site and sold to an election consulting firm.